public static IdToken Parse(string idToken) { if (string.IsNullOrEmpty(idToken)) { return(null); } IdToken idTokenBody = null; string[] idTokenSegments = idToken.Split(new[] { '.' }); if (idTokenSegments.Length < 2) { throw new MsalClientException( MsalError.InvalidJwtError, MsalErrorMessage.IDTokenMustHaveTwoParts); } try { byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]); idTokenBody = JsonHelper.DeserializeFromJson <IdToken>(idTokenBytes); } catch (JsonException exc) { throw new MsalClientException( MsalError.JsonParseError, MsalErrorMessage.FailedToParseIDToken, exc); } return(idTokenBody); }
[InlineData("", "")] // Empty string public void DecodeToBytes_ValidBase64UrlString_ReturnsByteArray(string stringToDecode, string expectedDecodedString) { var expectedDecodedByteArray = Encoding.UTF8.GetBytes(expectedDecodedString); var actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecode); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); }
public void DecodeToBytes_InvalidBase64UrlStringLength_ThrowsException() { var stringToDecodeWithInvalidLength = "MTIzNDU21"; Action decodeAction = () => Base64UrlHelpers.DecodeToBytes(stringToDecodeWithInvalidLength); var exception = Assert.Throws <ArgumentException>(decodeAction); Assert.Equal(IDWebErrorMessage.InvalidBase64UrlString + " (Parameter 'arg')", exception.Message); }
public void DecodeToBytes_ValidBase64UrlString_ReturnsByteArray() { var stringToDecodeWithNoPadding = "MTIzNDU2"; var expectedDecodedByteArray = Encoding.UTF8.GetBytes("123456"); var actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecodeWithNoPadding); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); var stringToDecodeWith1Padding = "MTIzNDU2Nzg"; expectedDecodedByteArray = Encoding.UTF8.GetBytes("12345678"); actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecodeWith1Padding); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); var stringToDecodeWith2Padding = "MTIzNDU2Nw"; expectedDecodedByteArray = Encoding.UTF8.GetBytes("1234567"); actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecodeWith2Padding); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); var stringToDecodeWithBase64Plus = "MTI-MTIz"; expectedDecodedByteArray = Encoding.UTF8.GetBytes("12>123"); actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecodeWithBase64Plus); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); var stringToDecodeWithBase64Slash = "MTI_MTIz"; expectedDecodedByteArray = Encoding.UTF8.GetBytes("12?123"); actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(stringToDecodeWithBase64Slash); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); var emptyStringToDecode = string.Empty; expectedDecodedByteArray = Encoding.UTF8.GetBytes(emptyStringToDecode); actualDecodedByteArray = Base64UrlHelpers.DecodeToBytes(emptyStringToDecode); Assert.Equal(expectedDecodedByteArray, actualDecodedByteArray); }
public static ClientInfo CreateFromJson(string clientInfo) { if (string.IsNullOrEmpty(clientInfo)) { throw new MsalClientException( MsalError.JsonParseError, "client info is null"); } try { return(JsonHelper.DeserializeFromJson <ClientInfo>(Base64UrlHelpers.DecodeToBytes(clientInfo))); } catch (Exception exc) { throw new MsalClientException( MsalError.JsonParseError, "Failed to parse the returned client info.", exc); } }
internal static string DecryptBrokerResponse(string encryptedBrokerResponse, ICoreLogger logger) { byte[] outputBytes = Base64UrlHelpers.DecodeToBytes(encryptedBrokerResponse); string plaintext = string.Empty; using (MemoryStream memoryStream = new MemoryStream(outputBytes)) { byte[] key = GetRawBrokerKey(logger); AesManaged algo = GetCryptoAlgorithm(key); using (CryptoStream cryptoStream = new CryptoStream(memoryStream, algo.CreateDecryptor(), CryptoStreamMode.Read)) { using (StreamReader srDecrypt = new StreamReader(cryptoStream)) { plaintext = srDecrypt.ReadToEnd(); } } } return(plaintext); }
/// <summary> /// Creates a <see cref="KerberosSupplementalTicket"/> object from given ID token string.. /// </summary> /// <param name="idToken">ID token string.</param> /// <returns>A <see cref="KerberosSupplementalTicket"/> object if a Kerberos Ticket Claim exists in the given /// idToken parameter and is parsed correctly. Null, otherwise.</returns> public static KerberosSupplementalTicket FromIdToken(string idToken) { if (string.IsNullOrEmpty(idToken) || idToken.Length < 128) { // Token is empty or too short - ignore parsing. return(null); } string[] sections = idToken.Split('.'); if (sections.Length != 3) { // JWT should be consists of 3 parts separated with '.' return(null); } // decodes the second section containing the Kerberos Ticket claim if exists. byte[] payloadBytes = Base64UrlHelpers.DecodeToBytes(sections[1]); string payload = Encoding.UTF8.GetString(payloadBytes); if (string.IsNullOrEmpty(payload)) { return(null); } // parse the JSON data and find the included Kerberos Ticket claim. JObject payloadJson = JObject.Parse(payload); JToken claimValue; if (!payloadJson.TryGetValue(KerberosClaimType, out claimValue)) { return(null); } // Kerberos Ticket claim found. // Parse the json and construct the KerberosSupplementalTicket object. string kerberosAsRep = claimValue.Value <string>(); return((KerberosSupplementalTicket)JsonConvert.DeserializeObject(kerberosAsRep, typeof(KerberosSupplementalTicket))); }
public static IdToken Parse(string idToken) { if (string.IsNullOrEmpty(idToken)) { return(null); } IdToken idTokenBody = null; string[] idTokenSegments = idToken.Split(new[] { '.' }); if (idTokenSegments.Length < 2) { throw new MsalClientException( MsalError.InvalidJwtError, MsalErrorMessage.IDTokenMustHaveTwoParts); } try { byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]); using (var stream = new MemoryStream(idTokenBytes)) { var serializer = new DataContractJsonSerializer(typeof(IdToken)); idTokenBody = (IdToken)serializer.ReadObject(stream); } } catch (Exception exc) { throw new MsalClientException( MsalError.JsonParseError, MsalErrorMessage.FailedToParseIDToken, exc); } return(idTokenBody); }
internal static string DecryptBrokerResponse(string encryptedBrokerResponse, ICoreLogger logger) { byte[] outputBytes = Base64UrlHelpers.DecodeToBytes(encryptedBrokerResponse); string plaintext = string.Empty; if (TryGetBrokerKey(out byte[] key)) { AesManaged algo = null; CryptoStream cryptoStream = null; MemoryStream memoryStream = null; try { memoryStream = new MemoryStream(outputBytes); algo = CreateSymmetricAlgorith(key); cryptoStream = new CryptoStream( memoryStream, algo.CreateDecryptor(), CryptoStreamMode.Read); using (StreamReader srDecrypt = new StreamReader(cryptoStream)) { plaintext = srDecrypt.ReadToEnd(); return(plaintext); } } finally { memoryStream?.Dispose(); cryptoStream?.Dispose(); algo?.Dispose(); } } throw new MsalClientException( MsalError.BrokerKeyFetchFailed, MsalErrorMessage.iOSBrokerKeyFetchFailed); }